If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

I will answer the second question first. Basically you cannot see all the forums. Some are restricted and some are obsolete given the current site format.

As for cookies being stolen, I would say that it would be generally possible, but would depend very much on circumstances, as would the significance.

For example when I log on I get cookies from Google and Yahoo. I don't think that stealing those would be of any value to anyone?

When I browse the net I pick up cookies that I would consider to be equally valueless.

My browser is set to only retain cookies for the session and to clear them when I close it.

When I leave a site that requires a logon, I always log out to close the session. I also close my browser to clear my private data locally.

If you have closed the session then the session cookie is pretty much useless.

EDIT:

I will clarify what I am talking about. I am envisaging that I connect my dial-up or ADSL modem and connect to an ISP.

I then visit site "A" and pick up a cookie....................I then go to site "B" So that gives us the following:

1. If I have disabled all cookies then no site can set them or read (steal) them.

2. If I have specifically allowed cookies for site "A" but not "B" then "B" should not be able to read site A's cookie.

3. If I restart my browser/clear private data before visiting site "B", then once again there is nothing there to steal.

4. If site "A" has terminated my session when I left it, then it doesn't matter if site "B" can read it from my browser because it has expired, and won't be accepted anymore.

5. Where I have a secure logon and leave the session open, it should still be protected by the site as it shouldn't allow more than one active session for the same user.

Last edited by nihil; February 23rd, 2009 at 07:57 AM.

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

I had found out that alot of the crappy scripts JP put on the site didn't consistently need "cookies". Alot of the junk he put up could be parced straight through a single URL. So what happend was I put up a URL in my signature that forced everyone to Neg another user.

macnux: Do some reading on the Same Origin Policy (http://en.wikipedia.org/wiki/Same_origin_policy). Essentially a website would have to violate the Same Origin Policy in order to access your cookies. Does this happen? Sure... Do some googling and you'll find lots of cases of vulnerabilities in browsers that have allowed people to bypass the policy over time.

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".